Allocating Security Resources to Protect Critical Infrastructure

Abstract: Critical infrastructure and key resources (CIKR) refer to a broad array of assets which are essential to the everyday functionality of social, economic, political and cultural systems in the United States. The interruption of CIKR poses significant threats to the continuity of these systems and can result in property damage, human casualties and significant economic losses. In recent years, efforts to both identify and mitigate systemic vulnerabilities through federal, state, local and private infrastructure protection plans have improved the readiness of the United States for disruptive events and terrorist threats. However, strategies that focus on worst-case vulnerability reduction, while potentially effective, do not necessarily ensure the best allocation of protective resources. This vulnerability conundrum presents a significant challenge to advanced disaster planning efforts. The purpose of this paper is to highlight the conundrum in the context of CIKR.

Comments

"... strategies that focus on worst-case vulnerability reduction, while potentially effective, do not necessarily ensure the best allocation of protective resources."

In many parts of the world, "critical infrastructure and key resources" are owned and operated by publicly-owned corporations. In such corporations, one must be prepared to show very clear, precise economic returns on resource allocation to executive-level decision-makers.

Sort of like showing me why I should spend my hard-earned $0.99 to rent the article for 24 hours or purchase it for $24.95 .

@NobodySpecial
the correct way to protect the water plant from enemy hackers is to not hook it up to the internet.

I have no idea why so many think everything has to be hooked to the internet. What's the benefit here? Those who operate the plant should be inside it, and able to fix problems when something goes wrong. If it needs remote monitoring, there are many ways to do that without the internet (they've been used for decades).